c9a62be1850ac4001037c97f7f0fd0b142ef14574d50600bb8249685585c19b4

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 19:03

Target

c9a62be1850ac4001037c97f7f0fd0b142ef14574d50600bb8249685585c19b4.dll
Size

236KB
MD5

6a88d5dbddb9915edb6fa07ef0e545ae
SHA1

785b850f6732459582731ac1bcdf12824363c9da
SHA256

c9a62be1850ac4001037c97f7f0fd0b142ef14574d50600bb8249685585c19b4
SHA512

5e1e184ea80279ff0ddc8ee0da3b76d4af35885be17bec43490dcffa8c63f1b5e3dee9d13d48c7a03cd751cd3992fa3d8e6be8b625bc63c1a921d5ce9fff6cd5
SSDEEP

3072:8nXBanM1NFNFWdeV9bNjct2OK3pIlPkq5/BsHQJJZ/qFA0O2PzteSpZeqThQA1:8nxsIN5WoVpqZ6qx2HQ5HSJ

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\tawisys.ini	rundll32.exe
File opened for modification	C:\Windows\win.ini	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1156	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9a62be1850ac4001037c97f7f0fd0b142ef14574d50600bb8249685585c19b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9a62be1850ac4001037c97f7f0fd0b142ef14574d50600bb8249685585c19b4.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1156

memory/1156-55-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1156-56-0x0000000000110000-0x0000000000150000-memory.dmp

Filesize
256KB

Download